Hashing, Passwords, and Certificates
This series explains the fundamentals of hashing and its application in passwords and certificates.
Today, the most common way of securing access to data or systems is through the use of passwords. Practically every online site now expects you to create an account with a password, which will let you post comments, order products, conduct business, or just post to social media. The implication is that …
Right now for most of us the key to any security in our online life is the degree of entropy in our passwords. So what is entropy, and how does it affect our passwords? Entropy is in general the degree of randomness or disorder in any given system. Sometimes it is very easy to assess, …
Previously we looked at Public Key encryption, which is also called Asymmetric Encryption because it uses two different keys for the encryption and decryption. This allows us to solve one of the biggest problems in secure encrypted communication, which is key distribution. Because the public key can be freely distributed, you don’t need to maintain …
Digital signatures are very important in understanding security on the Internet. While we have seen them in the context of personal e-mail, the applications are much broader, in particular the use of certificates to establish communication. Recall from our discussion of e-mail that there are two things you can do with …
Last time we looked at some basics about how TLS and SSL work, and saw that this is basically an application of the same technology used to encrypt e-mails. But we also noted that there are some problems with this approach. We need to recognize that in security there is never a permanent solution, and …